1 { config, lib, pkgs, ... }:
5 cfg = config.services.pykms;
6 libDir = "/var/lib/pykms";
10 meta.maintainers = with lib.maintainers; [ peterhoeg ];
13 (mkRemovedOptionModule [ "services" "pykms" "verbose" ] "Use services.pykms.logLevel instead")
21 description = lib.mdDoc "Whether to enable the PyKMS service.";
24 listenAddress = mkOption {
27 description = lib.mdDoc "The IP address on which to listen.";
33 description = lib.mdDoc "The port on which to listen.";
36 openFirewallPort = mkOption {
39 description = lib.mdDoc "Whether the listening port should be opened automatically.";
42 memoryLimit = mkOption {
45 description = lib.mdDoc "How much memory to use at most.";
49 type = types.enum [ "CRITICAL" "ERROR" "WARNING" "INFO" "DEBUG" "MININFO" ];
51 description = lib.mdDoc "How much to log";
54 extraArgs = mkOption {
55 type = types.listOf types.str;
57 description = lib.mdDoc "Additional arguments";
62 config = mkIf cfg.enable {
63 networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ];
65 systemd.services.pykms = {
66 description = "Python KMS";
67 after = [ "network.target" ];
68 wantedBy = [ "multi-user.target" ];
69 # python programs with DynamicUser = true require HOME to be set
70 environment.HOME = libDir;
71 serviceConfig = with pkgs; {
73 StateDirectory = baseNameOf libDir;
74 ExecStartPre = "${getBin pykms}/libexec/create_pykms_db.sh ${libDir}/clients.db";
75 ExecStart = lib.concatStringsSep " " ([
76 "${getBin pykms}/bin/server"
78 "--loglevel=${cfg.logLevel}"
79 "--sqlite=${libDir}/clients.db"
80 ] ++ cfg.extraArgs ++ [
84 ProtectHome = "tmpfs";
85 WorkingDirectory = libDir;
86 SyslogIdentifier = "pykms";
87 Restart = "on-failure";
88 MemoryLimit = cfg.memoryLimit;